Details of VAR-202112-2346

ID

VAR-202112-2346

CVE

CVE-2021-45603

TITLE

plural NETGEAR Device information disclosure vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-017180

DESCRIPTION

Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46. This affects D7800 prior to 1.0.1.66, EX2700 prior to 1.0.1.68, WN3000RPv2 prior to 1.0.0.90, WN3000RPv3 prior to 1.0.2.100, LBR1020 prior to 2.6.5.20, LBR20 prior to 2.6.5.32, R6700AX prior to 1.0.10.110, R7800 prior to 1.0.2.86, R8900 prior to 1.0.5.38, R9000 prior to 1.0.5.38, RAX10 prior to 1.0.10.110, RAX120v1 prior to 1.2.3.28, RAX120v2 prior to 1.2.3.28, RAX70 prior to 1.0.10.110, RAX78 prior to 1.0.10.110, XR450 prior to 2.3.2.130, XR500 prior to 2.3.2.130, and XR700 prior to 1.0.1.46

Trust: 1.71

sources: NVD: CVE-2021-45603 // JVNDB: JVNDB-2021-017180 // VULMON: CVE-2021-45603

AFFECTED PRODUCTS

vendor:	netgear	model:	xr500	scope:	lt	version:	2.3.2.130	Trust: 1.0
vendor:	netgear	model:	lbr20	scope:	lt	version:	2.6.5.32	Trust: 1.0
vendor:	netgear	model:	rax120v2	scope:	lt	version:	1.2.3.28	Trust: 1.0
vendor:	netgear	model:	rax10	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	ex2700	scope:	lt	version:	1.0.1.68	Trust: 1.0
vendor:	netgear	model:	r6700ax	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	rax78	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	lbr1020	scope:	lt	version:	2.6.5.20	Trust: 1.0
vendor:	netgear	model:	r7800	scope:	lt	version:	1.0.2.86	Trust: 1.0
vendor:	netgear	model:	r9000	scope:	lt	version:	1.0.5.38	Trust: 1.0
vendor:	netgear	model:	xr700	scope:	lt	version:	1.0.1.46	Trust: 1.0
vendor:	netgear	model:	wn3000rpv3	scope:	lt	version:	1.0.2.100	Trust: 1.0
vendor:	netgear	model:	rax120v1	scope:	lt	version:	1.2.3.28	Trust: 1.0
vendor:	netgear	model:	wn3000rpv2	scope:	lt	version:	1.0.0.90	Trust: 1.0
vendor:	netgear	model:	rax70	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	r8900	scope:	lt	version:	1.0.5.38	Trust: 1.0
vendor:	netgear	model:	xr450	scope:	lt	version:	2.3.2.130	Trust: 1.0
vendor:	netgear	model:	d7800	scope:	lt	version:	1.0.1.66	Trust: 1.0
vendor:	ネットギア	model:	lbr1020	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d7800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	lbr20	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	wn3000rpv2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex2700	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r9000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6700ax	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r8900	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	wn3000rpv3	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-017180 // NVD: CVE-2021-45603

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-45603
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2021-45603
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-45603
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202112-2399
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-45603
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-45603
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-45603
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-45603
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	4.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-45603
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-45603 // JVNDB: JVNDB-2021-017180 // CNNVD: CNNVD-202112-2399 // NVD: CVE-2021-45603 // NVD: CVE-2021-45603

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017180 // NVD: CVE-2021-45603

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-2399

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202112-2399

PATCH

title:	Security Advisory for Post-Authentication Command Injection & Sensitive Information Disclosure on Multiple Products, PSV-2021-0169 & PSV-2021-0171	url:	https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171	Trust: 0.8
title:	Netgear NETGEAR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177120	Trust: 0.6

sources: JVNDB: JVNDB-2021-017180 // CNNVD: CNNVD-202112-2399

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45603	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-017180	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-2399	Trust: 0.6
db:	VULMON	id:	CVE-2021-45603	Trust: 0.1

sources: VULMON: CVE-2021-45603 // JVNDB: JVNDB-2021-017180 // CNNVD: CNNVD-202112-2399 // NVD: CVE-2021-45603

REFERENCES

url:	https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/	Trust: 1.7
url:	https://kb.netgear.com/000064407/security-advisory-for-post-authentication-command-injection-sensitive-information-disclosure-on-multiple-products-psv-2021-0169-psv-2021-0171	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45603	Trust: 1.4
url:	https://www.immersivelabs.com/press/netgear-vulnerabilities-could-put-small-business-routers-at-risk/	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-45603 // JVNDB: JVNDB-2021-017180 // CNNVD: CNNVD-202112-2399 // NVD: CVE-2021-45603

SOURCES

db:	VULMON	id:	CVE-2021-45603
db:	JVNDB	id:	JVNDB-2021-017180
db:	CNNVD	id:	CNNVD-202112-2399
db:	NVD	id:	CVE-2021-45603

LAST UPDATE DATE

2024-11-23T22:47:32.677000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45603	date:	2022-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-017180	date:	2023-01-06T06:22:00
db:	CNNVD	id:	CNNVD-202112-2399	date:	2022-01-10T00:00:00
db:	NVD	id:	CVE-2021-45603	date:	2024-11-21T06:32:38.527

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45603	date:	2021-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-017180	date:	2023-01-06T00:00:00
db:	CNNVD	id:	CNNVD-202112-2399	date:	2021-12-26T00:00:00
db:	NVD	id:	CVE-2021-45603	date:	2021-12-26T01:15:17.853